The instant invention relates to value metering systems which utilize public key cryptography for printing verifiable indications of value, and more particularly, to value metering systems which periodically generate new public key pairs and securely provide the newly generated public key to a data center located remotely from the value metering system.
The United States Postal Service (USPS) is currently advocating the implementation of a new Information-Based Indicia Program (IBIP) in connection with the printing of postage indicium by postage metering systems. Under this new program, each postage indicium that is printed will include cryptographically secured information in a barcode format together with human readable information such as the postage amount and the date of submission to the post office. The cryptographically secured information is generated using public key cryptography and allows a verification authority, such as the post office, to verify the authenticity of the printed postage indicium based on the information printed in the indicium and the printed destination address.
In at least one scenario, use of the public key cryptographic system for postage metering systems requires the generation within each individual metering device of a key pair consisting of a private key xe2x80x9cVxe2x80x9d and a corresponding public key xe2x80x9cUxe2x80x9d. The private key V is used by the individual metering system to digitally sign the printed indicium and the digital signature is included as part of the bar coded portion of the indicium. Thus, when the verifying authority receives the indicium it verifies its authenticity in a known manner using the public key U which the verifying authority has previously received or which was sent to the verifying authority as part of the indicium. The receipt by the verifying authority of the public key is in the form of a certificate which includes, at a minimum, the public key U together with a digital signature of that public key using a private key of a trusted third party.
The USPS has recognized however, that the security of the public key system is based on the ability to prevent the compromise of the keys utilized. Accordingly, while the use of extremely large keys helps to ensure that the keys are not compromised by cryptoanalysis, the USPS has further proposed to increase security by requiring that the key pair used by each individual meter be changed on a periodic basis. Thus, each metering system will generate a new key pair to replace the existing key pair on a periodic basis. However, once a new public key U and private key V have been generated by the metering system, the new public key must be securely sent to a certificate authority so that a new public key certificate can be generated by the certificate authority and distributed back to the metering system or the verifying authority as appropriate. The USPS has proposed using the private key being replaced to sign the newly generated public key and sending the digitally signed newly generated public key to the certificate authority. The problem with this scenario is that if the private key being replaced has already been compromised, a fraudulent replacement public key can be sent to the certificate authority who will then issue a public key certificate based on the fraudulent public key. If this were to occur, postage Indicia could be printed with a standard computer without having any of the postage accounted for because the fraudulent Indicia will verify as being authentic at the verification facility.
Thus, what is needed is a method and apparatus which permits the secure transfer of newly generated public or private keys from a first device to a second device.
It is an object of the invention to provide a method of securely transmitting a key from one device to another. This object is met by providing a method for transmitting a key from a first device to a remotely located second device via the steps of generating the key within the first device; selecting one of a plurality of one-time pad values from a one-time pad stored within the first device; creating a hash of at least the key and the selected one of the plurality of one-time pad values; and sending the hash and the key from the first device to the second device.